database-security

Warn

Audited by Socket on Feb 24, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

This is a documentation-only AI skill that provides guidance for database security audits (RLS, Supabase/Postgres, Convex, PGAudit). It contains no executable code, no obfuscation, and no direct download-or-execute patterns. Main security issues arise from operational misuse: the audit workflow requires supplying database credentials (including potentially high-privilege service_role keys) to agents or tooling, and delegated automated tasks may return sensitive data or perform actions if not carefully controlled. The skill's capabilities are appropriate for its stated purpose, but any automation or agent delegation must enforce strict handling of credentials, ensure redaction/encryption of sensitive outputs, and require explicit human approval for destructive operations. Recommend: require secure credential provisioning (temporary/JIT creds), redact sensitive fields in reports, limit agent permissions, and never expose service_role keys to client-side or untrusted agents.

Confidence: 80%
Severity: 50%

Audit Metadata

Analyzed At: Feb 24, 2026, 08:38 PM
Package URL: pkg:socket/skills-sh/oakoss%2Fagent-skills%2Fdatabase-security%2F@d354f3c9185adf77bf1da0c4131ab2105176cfc7